Hackers and Auditors: A Love Story?

By: Amanda Saxton, Manager, Education, Food Marketing Institute

If there were two professions pulled together by unlikely fate, it’s auditors and hackers. This oft-unmentioned relationship always begins unknowingly, but the thrill of the challenge leads two polar opposite roles down a tumultuous path. A love that could only be described by three C’s: charm, confidence, and code skills.

Five years ago, cyber threats were easier to spot. Phishing ads looked like spam and were riddled with syntax errors. Similar to the evolving marketplace, cyberthreats have radically changed in the last six months. Today, it’s hard to differentiate a secure website from a spoofed site. Hackers are tailoring their techniques to wreak havoc on the protections auditors put in place.

While auditors try to play “hard to get,” it only encourages “the chase.” According to Bryan Thompson, Director of Risk Advisory Services at RSM, cybercriminals pine for loopholes in auditors’ security measures:

“Traditional auditors follow a “checkbox” approach with regards to cybersecurity controls. If an auditor does perform regular cybersecurity audits, usually they are not comprehensive or follow the data that is critical to an organization.” said Thompson. “Hackers know that auditors follow this approach and will attempt every possible situation to be successful.”

To break this cycle, it’s critical for internal auditors to work with IT departments to be proactive against cyber-attacks.

Bryan explained, “Auditors need to use a threat-scenario based approach to identify the highest level of risk areas to their organization. For example, if a credit card breach or loss of data would be the highest level of risk to an organization then they need to focus their audit on looking at the controls associated to protecting that information.”

With consumer spending set to hit $100 billion in online sales by 2022, according to FMI’s Digitally Engaged Shopper study, protecting your customers, brands and reputation with cyber and data security has never been a bigger priority.

“If a customer, whether individual or another business, loses faith that a food retailer is not taking the necessary precautions around protecting the loss of critical information or causing disruptions to their operations from cyber-attacks then their business could be severely impacted,” Bryan said.

Learn best practices for security, and new approaches to conducting cybersecurity audits for protection during “Hacker Meets Auditor - A Love Story?” with Bryan Thompson at FMI’s 2018 Financial Executive and Internal Auditors Conference. Register here.